Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74d24495-fc83-40fe-9428-8318f9be75f6.roa
File:                     74d24495-fc83-40fe-9428-8318f9be75f6.roa (raw, json)
Hash identifier:          QjhamRFmvXpib7jqgtsEZ65Oj67Zsu1qWxbSebugpow=
Subject key identifier:   B2:41:BB:97:80:5B:B0:3C:77:18:BB:A7:07:51:E2:E7:C5:0A:48:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A29F789D0D43C485A91A139E8D4CF377139251B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74d24495-fc83-40fe-9428-8318f9be75f6.roa
Signing time:             Sun 19 Oct 2025 00:41:30 +0000
ROA not before:           Sun 19 Oct 2025 00:41:30 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3:8090::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:29:f7:89:d0:d4:3c:48:5a:91:a1:39:e8:d4:cf:37:71:39:25:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:41:30 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=56b9723f1bf11348f7342929d5cecf0101f890562f17dd587fe4f10cad57062c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5d:94:9a:4b:eb:5b:22:00:6e:dc:0b:81:40:
                    49:f6:55:58:64:40:f8:57:c1:e5:3f:17:73:5c:ee:
                    91:73:30:ff:81:f1:15:2a:1a:3c:d4:db:93:04:e5:
                    3f:7c:72:8f:fd:ea:d5:a9:5f:25:30:06:ce:40:55:
                    73:52:cf:92:2a:02:22:f6:46:6e:96:d2:1b:a9:13:
                    0e:3a:94:8b:83:86:a2:cb:dc:e6:08:9c:0f:07:64:
                    68:7b:89:d7:92:0f:44:c1:a8:8c:28:68:57:b3:b0:
                    1e:12:fb:0f:82:f8:87:c4:68:4c:ef:33:0d:ed:13:
                    04:71:35:46:a8:78:b0:2d:81:26:ec:46:47:07:8b:
                    74:fc:0d:c9:5b:9c:4a:3c:65:6e:58:ce:f1:34:af:
                    79:2c:38:1f:f7:eb:48:35:94:ae:5a:ad:c7:ba:1f:
                    aa:66:7c:d7:7e:05:0e:75:50:d3:0f:12:0e:80:1a:
                    40:45:c8:02:04:96:b1:f9:af:e6:e4:0b:5b:6e:ef:
                    ef:fa:b5:55:28:af:d5:06:34:78:a9:e4:a0:d1:fd:
                    d8:90:c0:7b:e9:2a:04:d1:46:71:80:32:3a:1b:8d:
                    3d:21:95:25:dc:72:51:a9:de:2f:a5:e7:55:f6:00:
                    bf:19:6c:df:c1:9d:b6:e7:0a:19:ec:99:92:1e:4b:
                    34:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:41:BB:97:80:5B:B0:3C:77:18:BB:A7:07:51:E2:E7:C5:0A:48:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74d24495-fc83-40fe-9428-8318f9be75f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:8090::/46

    Signature Algorithm: sha256WithRSAEncryption
         21:fe:4e:23:cf:c2:59:a4:9d:2d:7f:f1:06:e3:f0:1a:a9:dc:
         07:77:a6:93:55:cf:38:19:0a:97:7b:33:ca:b4:89:44:7f:79:
         e1:6a:d1:77:ff:bc:4d:b0:28:08:08:b6:ec:33:6a:d9:a7:89:
         bb:1f:20:72:9d:29:08:3f:8b:1c:c6:15:42:ed:3c:ee:0e:2c:
         d4:d7:05:28:7b:ba:7f:ea:ca:c6:ea:28:0c:91:ba:35:d5:01:
         6a:95:ff:c9:24:f4:6f:15:b8:e5:7e:97:9e:7b:85:fd:89:7b:
         c0:2c:96:3a:a3:d7:42:34:35:ed:0a:19:4e:0f:f6:8f:59:f2:
         0f:68:da:89:3d:5b:a7:de:68:1a:57:03:9e:5a:be:e7:33:d3:
         ce:09:cf:1d:a0:4c:34:18:dd:ca:d5:10:31:47:5d:8d:ca:2e:
         cb:04:00:c2:fa:eb:be:cf:8a:0b:f3:cb:5c:3a:5e:1d:2a:c3:
         03:9a:bc:af:fc:f7:fb:7e:b6:38:b7:0e:dc:68:f9:b5:da:42:
         29:84:5e:96:14:b9:e9:0a:61:ab:31:6c:85:b5:ff:16:1b:2e:
         70:8d:c5:07:f1:aa:63:f7:c9:db:69:de:fd:9f:0c:05:ec:4d:
         98:9c:23:34:82:8c:57:f2:55:f7:92:72:22:97:21:1b:97:32:
         72:49:0a:7c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKin3idDUPEhakaE56NTPN3E5JRswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDA0MTMwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NmI5NzIzZjFiZjExMzQ4ZjczNDI5MjlkNWNlY2YwMTAx
Zjg5MDU2MmYxN2RkNTg3ZmU0ZjEwY2FkNTcwNjJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLXZSaS+tbIgBu3AuBQEn2VVhkQPhXweU/F3Nc7pFzMP+B
8RUqGjzU25ME5T98co/96tWpXyUwBs5AVXNSz5IqAiL2Rm6W0hupEw46lIuDhqLL
3OYInA8HZGh7ideSD0TBqIwoaFezsB4S+w+C+IfEaEzvMw3tEwRxNUaoeLAtgSbs
RkcHi3T8DclbnEo8ZW5YzvE0r3ksOB/360g1lK5arce6H6pmfNd+BQ51UNMPEg6A
GkBFyAIElrH5r+bkC1tu7+/6tVUor9UGNHip5KDR/diQwHvpKgTRRnGAMjobjT0h
lSXcclGp3i+l51X2AL8ZbN/BnbbnChnsmZIeSzQnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUskG7l4BbsDx3GLunB1Hi58UKSJQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc0ZDI0NDk1LWZjODMtNDBmZS05NDI4LTgzMThmOWJlNzVmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/zgJAwDQYJKoZIhvcNAQELBQADggEBACH+TiPPwlmknS1/8Qbj8Bqp
3Ad3ppNVzzgZCpd7M8q0iUR/eeFq0Xf/vE2wKAgItuwzatmnibsfIHKdKQg/ixzG
FULtPO4OLNTXBSh7un/qysbqKAyRujXVAWqV/8kk9G8VuOV+l557hf2Je8Asljqj
10I0Ne0KGU4P9o9Z8g9o2ok9W6feaBpXA55avucz084Jzx2gTDQY3crVEDFHXY3K
LssEAML6677Pigvzy1w6Xh0qwwOavK/89/t+tji3Dtxo+bXaQimEXpYUuekKYasx
bIW1/xYbLnCNxQfxqmP3ydtp3v2fDAXsTZicIzSCjFfyVfeSciKXIRuXMnJJCnw=
-----END CERTIFICATE-----